borg

borg/tasks/main.yml

@@ -0,0 +1,28 @@
+- name: copy key
+  template:
+    src: ../templates/borg_ssh_key.j2
+    dest: /root/borg_ssh_key
+    owner: root
+    group: root
+    mode: 0600
+
+- name: push borg
+  import_role: 
+    name: borgbase.ansible_role_borgbackup
+  vars:
+    borg_encryption_passphrase: "{{ borg_password }}"
+    borg_repository: "{{ borg_repo }}"
+    borg_user: "{{ borg_my_user }}"
+    borg_group: "{{ borg_my_group }}"
+    borgmatic_timer: cron
+    borg_ssh_command: "ssh -o StrictHostKeyChecking=no -i {{ borg_ssh_key }}"
+    borg_source_directories:
+      "{{ base_files + (extra_files[inventory_hostname] | default([])) }}"
+    borg_retention_policy:
+      keep_hourly: 3
+      keep_daily: 7
+      keep_weekly: 4
+      keep_monthly: 6
+    borgmatic_hooks:
+      after_backup:
+        - "curl -d '{{ inventory_hostname }}' {{ backup_topic }}"

borg/templates/borg_ssh_key.j2

@@ -0,0 +1 @@
+{{ borg_secret_key | b64decode }}

deploy.yml

@@ -29,3 +29,6 @@
 
 - name: Website for hatecomputers.club
   ansible.builtin.import_playbook: playbooks/deploy-hatecomputers-club.yml
+
+- name: Deploy borg
+  ansible.builtin.import_playbook: playbooks/deploy-borg.yml

group_vars/borg.yml

@@ -0,0 +1,15 @@
+borg_my_user: "root"
+borg_my_group: "root"
+borg_ssh_key: "/root/borg_ssh_key"
+
+backup_topic: "{{ borg_backup_topic }}"
+
+base_files:
+  - /home
+  - /root
+  - /var
+  - /etc
+  - /boot
+  - /opt
+
+extra_files:

playbooks/deploy-borg.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Borg setup
+  hosts: borg
+  roles:
+    - borg

secrets.txt

@@ -14,3 +14,7 @@ hatecomputers_club_oauth2_client_id
 hatecomputers_club_oauth2_client_secret
 hcaptcha_site_key
 hcaptcha_secret
+borg_secret_key
+borg_password
+borg_repo
+borg_backup_topic